ACL LOG: make max log entries configurable.

This commit is contained in:
antirez 2020-02-04 13:19:40 +01:00
parent 64a73e9293
commit 90fae58b49
4 changed files with 19 additions and 0 deletions

View File

@ -1576,6 +1576,12 @@ void addACLLogEntry(client *c, int reason, int keypos, sds username) {
/* Add it to our list of entires. We'll have to trim the list /* Add it to our list of entires. We'll have to trim the list
* to its maximum size. */ * to its maximum size. */
listAddNodeHead(ACLLog, le); listAddNodeHead(ACLLog, le);
while(listLength(ACLLog) > server.acllog_max_len) {
listNode *ln = listLast(ACLLog);
ACLLogEntry *le = listNodeValue(ln);
ACLFreeLogEntry(le);
listDelNode(ACLLog,ln);
}
} }
} }

View File

@ -2233,6 +2233,7 @@ standardConfig configs[] = {
/* Unsigned Long configs */ /* Unsigned Long configs */
createULongConfig("active-defrag-max-scan-fields", NULL, MODIFIABLE_CONFIG, 1, LONG_MAX, server.active_defrag_max_scan_fields, 1000, INTEGER_CONFIG, NULL, NULL), /* Default: keys with more than 1000 fields will be processed separately */ createULongConfig("active-defrag-max-scan-fields", NULL, MODIFIABLE_CONFIG, 1, LONG_MAX, server.active_defrag_max_scan_fields, 1000, INTEGER_CONFIG, NULL, NULL), /* Default: keys with more than 1000 fields will be processed separately */
createULongConfig("slowlog-max-len", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.slowlog_max_len, 128, INTEGER_CONFIG, NULL, NULL), createULongConfig("slowlog-max-len", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.slowlog_max_len, 128, INTEGER_CONFIG, NULL, NULL),
createULongConfig("acllog-max-len", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.acllog_max_len, 128, INTEGER_CONFIG, NULL, NULL),
/* Long Long configs */ /* Long Long configs */
createLongLongConfig("lua-time-limit", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.lua_time_limit, 5000, INTEGER_CONFIG, NULL, NULL),/* milliseconds */ createLongLongConfig("lua-time-limit", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.lua_time_limit, 5000, INTEGER_CONFIG, NULL, NULL),/* milliseconds */

View File

@ -1385,6 +1385,7 @@ struct redisServer {
dict *latency_events; dict *latency_events;
/* ACLs */ /* ACLs */
char *acl_filename; /* ACL Users file. NULL if not configured. */ char *acl_filename; /* ACL Users file. NULL if not configured. */
unsigned long acllog_max_len; /* Maximum length of the ACL LOG list. */
/* Assert & bug reporting */ /* Assert & bug reporting */
const char *assert_failed; const char *assert_failed;
const char *assert_file; const char *assert_file;

View File

@ -237,4 +237,15 @@ start_server {tags {"acl"}} {
assert {[dict get $entry object] eq {AUTH}} assert {[dict get $entry object] eq {AUTH}}
assert {[dict get $entry username] eq {antirez}} assert {[dict get $entry username] eq {antirez}}
} }
test {ACL LOG entries are limited to a maximum amount} {
r ACL LOG RESET
r CONFIG SET acllog-max-len 5
r AUTH antirez foo
for {set j 0} {$j < 10} {incr j} {
catch {r SET obj:$j 123}
}
r AUTH default ""
assert {[llength [r ACL LOG]] == 5}
}
} }